I traced the problem down to the 'user_role' entry in the database: The role of the user used by the manager-app had role "admin,manager" (like in 'tomcat-users.xml' in a memory Realm) which does not work. Changing the user_role to 'manager' puts it......but now the admin-app using the same user complains.
Maybe class "org.apache.catalina.realm.DataSourceRealm" works different than "org.apache.catalina.realm.UserDatabaseRealm" regarding comma seperated roles ? grisi ----- Original Message ----- From: Dirk Griesbach <[EMAIL PROTECTED]> To: Tomcat Users List <[EMAIL PROTECTED]> Sent: Thursday, December 11, 2003 9:57 AM Subject: Re: Tomcat 5.0.16 : manager-app access > Hi Adam, > > thanx for your hint, is there a FAQ or Readme on TC5 I missed ? > > I moved the manager.xml to ...\conf\catalina\localhost. > It has the following content: > " > <Context path="/manager" docBase="../server/webapps/manager" > debug="0" privileged="true"> > > <ResourceLink name="users" global="UserDatabase" > type="javax.sql.DataSource"/> > </Context> > " > You're right, the Realm is defined in the server.xml: > > " > ... > <GlobalNamingResources> > ... > <Resource name="UserDatabase" > auth="Container" > type="javax.sql.DataSource" /> > > <ResourceParams name="UserDatabase" > > .... > </ResourceParams> > </GlobalNamingResources> > " > Unfortunately: no effect, "403 - Access to the requested resource has been > denied" > The admin-app still shows no entry in 'User database" > > Is there something else that's worth having a look at ? > > Dirk > > ----- Original Message ----- > From: Adam Hardy <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Sent: Wednesday, December 10, 2003 10:17 PM > Subject: Re: Tomcat 5.0.16 : manager-app access > > > > On 12/10/2003 05:49 PM Dirk Griesbach wrote: > > > hello folks, > > > > > > a question on datasource realms and the manager app: > > > > > > When I installed TC 5.0.16 'out-of-the-box' I could start the > manager-app. > > > > > > Then I deployed our webapp (manually), configured a DataSourceRealm > using mysql > > > for authentification, configured SSL, form based LogIn and ... the > webapp works fine. > > > (The resource name is still "UserDatabase") > > > > > > But if I now try to use the manager-app I get the error: "403 - access > denied" without even being prompted. > > > > > > I've modified "..server\webapps\manager\WEB-INF\web.xml" so that it > reads: > > > > > > "... > > > <resource-env-ref-name>UserDatabase</resource-env-ref-name> > > > <resource-env-ref-type>javax.sql.DataSource</resource-env-ref-type> > > > .... > > > " > > > > > > and "..server\webapps\manager\manager.xml" that it reads > > > > > > "... > > > <ResourceLink name="users" global="UserDatabase" > > > type="javax.sql.DataSource"/> > > > .... > > > " > > > ....no effect. > > > > > > Even more strange the behaviour of the "admin-app": > > > > > > The Login-screen appears as usual and login data that complies with the > the DataSource Realm is being accepted. > > > Clicking on "dataSource" shows up the 'mysql-jdbc' Installation. > > > Clicking on 'user database' shows....nothing. > > > Clicking on 'user roles, groups' etc. results in an error > > > "The server encountered an internal error (Error retrieving attribute > groups) that prevented it from fulfilling this request." > > > Admin-app uses struts with TagLibs, is there something hardcoded in > there ? > > > > > > Why do the these two applications not recognize the new Realm ? > > > > > > Hi Dirk, > > presumably you configured the realm in the server.xml. > > > > You need to put the manager.xml file in conf/Catalina/localhost/ which > > is the new place for it in 5.x > > > > Adam > > -- > > struts 1.1 + tomcat 5.0.16 + java 1.4.2 > > Linux 2.4.20 Debian > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
